Why to protect Web-Applications?

The Reasons:

Web-Applications are profitable targets
While in the past attackers had to enter the internal company network to get access to the company's confidential information stored in backend systems, nowadays a lot of these confidential data are merged inside the company, then 'trusted' to web-applications for e-business. Often these applications have direct access to the backend systems - and thus can be attacked through manipulated requests.

 
Data theft leads to severe loss of prestige
For E-Business models, the users' confidence in the security of the operating systems is the necessary business foundation. Though the general public is aware of only a part of the cases of successful data theft, the users' confidence has been undermined by the increase of these cases. The financial losses seem still manageable, especially for big companies, but it takes a lot of investment to regain the customers' confidence.

 
Compliance with legal requirements and industry standards
In Germany there are the Data Protection Act, the Corporate Sector Supervision and Transparency Act as well as Basel II which particularly demand suitable measures to minimize risk and potentially hold managers personally responsible.
Additionally there are industry standards to adhere to, such as the latest Payment Card Industry Data Security Standard (PCI DSS v1.1). Noncompliance with these regulations can result in very steep fines.